
Multiple VPN Groups, Same ASA, Same ACS

I've searched through the forums a bit and there were several conversations that were similar to what I was doing, but I could not find any that were exact. Here is my scenario:

One ASA5520 as the Remote Access VPN head unit (IPSEC).

One Cisco ACS Server for VPN authentication as well as network device authentication for admins.

Network device authentication uses TACACS. Remote Access VPN uses RADIUS. I have an Active Directory group that is mapped to an NDG that VPN users authenticate with.

I have need of a new, separate VPN for consultants. I want to use a different tunnel group and IP address range so I can define downloadable ACLs based on the group - not the users.

When I try and map another NDG to a new AD group, that works. When I try and add the ASA's IP address as the requestor, I'm greeted with a message that I cannot add the same IP twice.

There has to be a way to do this with such a robust server...

If this post answers your question or is helpful, please consider rating it and/or marking as answered.
2 REPLIES

Re: Multiple VPN Groups, Same ASA, Same ACS

There is no need to add the ASA again in the aaa-clients section. The previous entry will take care of all the RADIUS requests coming from the ASA.

Regards,

~JG

Do rate helpful posts

Re: Multiple VPN Groups, Same ASA, Same ACS

I'm not really sure that answers my question... how do I authenticate to the separate AD group then? I want to use downloadable ACLs for the specific consultant group.

If this post answers your question or is helpful, please consider rating it and/or marking as answered.